<?
/*
 * @since 2012.03.28
 * @author Charles Koh
 * @returns {Login-in}
 */
   session_start();
   
   $id = $_POST['id'];
   $passwd = $_POST['passwd'];

   include "../../server/dbconn.php";

   $sql = 'select id,firstPasswd,name from member where id="'.$id.'" limit 1;';
   $result = mysql_query($sql, $connect);

   $num_match = mysql_num_rows($result);

   if(!$num_match) 
   {
     echo("
           <script>
             window.alert('Not exist ID')
             history.go(-1)
           </script>
         ");
    }
    else
    {
        $row = @mysql_fetch_array($result);

        $db_passwd = $row[firstPasswd];
		$pw = "*".strtoupper(sha1(sha1($passwd,1)));
        if($db_passwd != $pw)
        {
           echo("
              <script>
                window.alert('Not matched password {$pw} / {$db_passwd}');
                history.go(-1);
              </script>
           ");

           exit;
        }
        else
        {
           $userid = $row[id];
           $username = $row[name];
           $_SESSION['userid'] = $userid;
           session_register(userid);

           echo("
              <script>
                window.alert('Success for sign-in');
				top.location.reload();
              </script>
           ");
        }
   }        
      
?>
